Subscription to the full report on a daily basis can be obtained:
Send an eMail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body...subscribe.
To obtain a complete copy of the current report proceed to the DHS link below.
To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

· Officials
from 4 States announced July 2 that BP would pay $18.7 billion to resolve
charges related to a 2010 Gulf of New Mexico oil spill that was declared an
environmental disaster. – USA Today

1. July 2,
USA Today – (National) Gulf States reach $18.7 billion settlement
with BP over 2010 oil spill. Officials from Florida, Alabama, Mississippi,
and Louisiana announced July 2 that BP would pay $18.7 billion in a settlement
resolving charges related to a 2010 Gulf of Mexico oil spill that was declared
an environmental disaster. The funds will be used to resolve Clean Water Act
penalties, natural resources damage claims, economic claims, and economic
damage claims for local governments. Source: http://www.usatoday.com/story/money/business/2015/07/02/gulf-states-reach-187b-settlement--bp-over-oil-spill/29611451/

· The
Washington Navy Yard in the District of Columbia was under lockdown for over 2
hours July 2 after authorities received reports of an active shooter. – CNN

20. July
2, CNN – (Washington, D.C.) Washington Navy Yard: police say ‘all
clear’ after lockdown. The Washington Navy Yard was under lockdown for over
2 hours July 2 after authorities received reports of an active shooter in
building 197 that prompted the evacuation of employees and sent dozens of
police crews and ambulances to respond to the incident. Authorities cleared the
building and found no shooter. Source: http://www.cnn.com/2015/07/02/politics/navy-yard-shooting-lockdown-police-activity/index.html

· New York
officials reported July 1 that a new superintendent was hired at the Clinton
Correctional Facility after an investigation put 22 prison employees on
administrative leave following the June 6 escape of 2 convicts. – Associated
Press

6. July 1,
U.S. Securities and Exchange Commission – (Pennsylvania) SEC
charges former stockbroker with conducting Ponzi scheme. The U.S.
Securities and Exchange Commission charged a former stockbroker in Pennsylvania
July 1 with conducting a Ponzi scheme in which he allegedly raised $15.5
million from over 50 investors by selling fraudulent certificates of deposit
(CDs) to customers while promising higher-than-normal interest rates of return,
before spending invested funds on himself or to repay earlier investors.
Source: http://www.sec.gov/news/pressrelease/2015-135.html

7. July 1,
Jackson Clarion-Ledger – (Mississippi) North Miss. bank robbery
suspect had gun, pipe bomb. Saltillo, Mississippi Police Department
officials reported July 1 that they arrested a man suspected of robbing a First
American National Bank with a firearm and a pipe bomb. A local bomb squad
responded and closed the area surrounding the bank. Source: http://www.clarionledger.com/story/news/2015/07/01/saltillo-bank-robbery/29560335/

For additional stories, see items 28 and 31 below in the Information Technology
Sector

Information Technology Sector

26. July 2,
Threatpost – (International) Cisco UCDM platform ships with default,
static password. Cisco warned customers that its Unified Communications
Domain Manager Platform software versions prior to 4.4.5 have a default, static
password for an account with root privileges, possibly allowing an
unauthenticated remote attacker to take full control of an affected system with
root privileges. Source: https://threatpost.com/cisco-ucdm-platform-ships-with-default-static-password/113591

28. July 2,
Securityweek – (International) PCI Council updates Point-to-Point Encryption
Standard. The Payment Card Industry Security Standards Council (PCI SSC)
announced the release of Version 2.0 of its PCI Point-to-Point Encryption
Solution Requirements and Testing Procedures, updating requirements for
encryption products and giving merchants the option to manage their own
encryption solutions for point-of-sale (PoS) locations, among other changes
intended to enhance security and PCI SSC compliance. Source: http://www.securityweek.com/pci-council-updates-point-point-encryption-standard

29. July 1,
Threatpost – (International) LifeLock patches XSS that could’ve led to
phishing. LifeLock patched a cross-site scripting (XSS) vulnerability on
its Web site that could have allowed an attacker to inject HyperText Markup
Language (HTML) into the site’s uniform resource locator (URL) to create a fake
login page to harvest usernames and passwords from customers. Source: https://threatpost.com/lifelock-patches-xss-that-couldve-led-to-phishing/113577

30. July 1,
Securityweek – (International) Flaw in 802.11n standard exposes wireless
networks to attacks: researchers. Security researchers in Belgium
discovered a vulnerability in the frame aggregation mechanism in the 802.11n
wireless networking standard in which an attacker could use a Packet-in-Packet
(PIP) technique to inject arbitrary frames into wireless networks, allowing
access to internal services. Source: http://www.securityweek.com/flaw-80211n-standard-exposes-wireless-networks-attacks-researchers

31. July 1,
Help Net Security – (International) 4,900 new Android malware strains discovered
every day. Security researchers from G DATA reported that they discovered
440,267 new Android malware strains in the first quarter of 2015, and that at
least 50 percent of the malware currently being distributed includes banking
trojans and SMS trojans for financial motivations, among other findings.
Source: http://www.net-security.org/malware_news.php?id=3067

33. July 1,
Threatpost – (International) Patched Apple Quicktime vulnerability details
disclosed. Security researchers from Cisco released details on a recently
patched use-after-free vulnerability in Apple’s QuickTime media player in which
an attacker could access and control data inside the internal data in a
QuickTime file to remotely execute code on a targeted system. Source: https://threatpost.com/patched-apple-quicktime-vulnerability-details-disclosed/113570

For another
story, see item 18 below from the Government Facilities Sector

18. July 2, Help Net Security– (Massachusetts) Harvard
University suffers IT security breach. Harvard University announced July 1
that 8 of its schools and administrative organizations were affected by a data
breach discovered June 19. Federal law enforcement is working with the school
to conduct a forensic investigation. Source: http://www.net-security.org/secworld.php?id=18586

Links

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"